Goodboy
makes
passwords
flow.
A Mac app and MCP server that moves credentials between iCloud Keychain, Chrome, KeePassXC, and other password stores.
The people who need Goodboy usually have the same setup: iCloud on the iPhone, Chrome on the Mac, maybe KeePassXC as a local backup. That is exactly where mainstream managers stop being helpful: passkeys get stranded, TOTP seeds do not make the trip, and you end up exporting a CSV and hoping you remember to delete it.
Goodboy takes a different path. It reads and writes Chrome's local database on your Mac, imports and exports Apple's passkeys and OTP data, and exposes KeePassXC, Bitwarden, 1Password, ProtonPass, and the rest over MCP. 1Password and Bitwarden built MCP servers for their own vaults; Goodboy is the bridge for the sources that still did not have one: Chrome's local database, iCloud Keychain, KeePassXC, and ProtonPass.
iCloud
260
Brave
2
Chrome — Smart Home
30
Edge
1
Opera
1
Chrome — Personal
11
Chrome — Work
1
1Password
1
Bitwarden
642
ProtonPass
618
KeePass CLI — Passwords...
86
KeePass CLI — Passwords3...
1
The Native Paradox
There's a reason Apple Passwords feels more natural on Safari than any third-party extension, and it's the same reason Google's password manager works better on Chrome and Android. The native managers are built into the operating system and the browser. Everything else is bolted on from outside.
The gap is architectural, not effort. Natives get privileged access to hardware security modules, UI frameworks, form parsing, and authentication pipelines. Third-party managers (Bitwarden, 1Password, Dashlane) reach the same surfaces through mediated public APIs — with intentional limitations built in.
Under the hood.
Three technical choices that set Goodboy apart.
AES-256-GCM SQLite, Safe Storage key from the macOS Keychain, dual-table sync mode across six Chromium browsers.
Apple's system hands the app a one-shot token via ASCredentialExchangeActivity; Goodboy redeems it with ASCredentialImportManager and writes straight into KeePassXC. Solves KeePassXC issue #11363 from the outside.
Most tools treat Apple's Credential Exchange Protocol as read-only. Goodboy writes back too — passkeys, passwords, and OTP seeds, both directions.
Not a vault.
A credential routing layer.
Credentials come in, move across systems, and leave. SecuredBox holds them in RAM only, cleared on quit, on explicit clear, or at flow end. Nothing stays behind.
The App.
Free. Native. Yours.
A free macOS app. Pick a source, pick a destination, Goodboy handles the rest. Browsers and KeePassXC auto-discover; password managers with their own CLI take a one-time setup.
Download for Mac
The MCP Server.
Credentials for agents.
1Password and Bitwarden ship MCP servers for their own vaults. Goodboy's server also reaches Chrome's local SQLite, iCloud Keychain, and KeePassXC — sources most credential MCP servers do not expose.
MCP Server
Pro.
The Native Paradox, resolved.
Your top passwords, auto-synced between iCloud and Google. Headless Chrome write, single-item iCloud sync, AI-powered import, SecuredBox editing.
Buy once, own it forever.